Jun 13, 2017, Industry insights
Your vigilance is needed
One of the most effective ways of preventing malicious emails from infiltrating your IT systems, or costing your business money, is to raise general internal awareness within your business and encourage every employee to stay vigilant about the different types of spam emails doing the rounds.
The most prevalent threats are gaining traction, with ransomware affecting high-profile businesses and generating widespread panic on a global scale. In addition to these higher-profile, business-crippling infiltrations, businesses are also experiencing higher volumes of spoofing and phishing emails that, while they might not be considered as serious as ransomware, can also cost a business thousands of pounds.
Below are some examples of spam and why we believe them to be suspicious.
1. A classic example of ‘spoofing’, seemingly from a colleague
Spoofing is the technique used to try to trick you into believing the email is genuine. These criminals are very good at creating seemingly genuine communications. This particular email is supposedly from a colleague; however, there are three tell-tale signs that it is not genuine:
- If the email is from a colleague, does the email contain your company’s email signature? If it does not, it should be flagged as suspicious.
- Look in the subject or the email link. Do they include your full name in the subject, greeting or any link? If they do, it should be flagged as suspicious.
- Look at the sign-off from the sender (e.g. sincerely, kind regards). If the email was genuinely from a colleague, then it’s likely they would sign the email in a less formal manner, using only their first name.
This example has seemingly come from ‘Dropbox’ with the simple instruction to download the files. Virus emails from Dropbox, PayPal, and Hotmail are all relatively widespread, so it’s worth being extra vigilant if you receive something like the below that you weren’t expecting.
The tell-tale signs here are:
- You’ll notice at the top of the email that the ‘to’ address is missing, indicating that this is a mass email.
- The ‘from’ email address is clearly not a Dropbox domain.
- When you hover over any links (not clicking them), it’s clearly not a Dropbox domain.
In addition to seemingly genuine communication, phishing emails will often use urgent or threatening language to get the recipient to act on the instructions provided in the email. A common trend in ‘phishing’ emails is to spoof a trusted source, such as your bank or an online retail outlet, and flag an issue that needs your urgent attention, like a payment that has not been received or an account that has been suspended. They will want you to click on a link, provide your username and password or even pay money into an account.
The tell-tale signs that this is fraudulent are:
- The email address is not from the trusted source.
- It’s been sent without the use of any personalisation.
- Hover over any link and if it’s not genuine, don’t click on it.
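The tell-tale signs listed for the Dropbox and phishing examples (missing ‘to’ address, sender domain that is not the trusted source, link domain that is not the trusted source) can also be checked automatically when triaging a reported email. The following is an added example, not part of the original article; the `BRAND_DOMAINS` allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: the brand a message claims to be -> domains it really uses.
BRAND_DOMAINS = {"dropbox": {"dropbox.com"}, "paypal": {"paypal.com"}}

class LinkCollector(HTMLParser):  # gathers <a href> targets (what hovering reveals)
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def host_matches(host, domains):
    # Exact match or true subdomain only, so dropbox.com.evil.example fails.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def tell_tale_signs(raw):
    msg = message_from_string(raw)
    findings = []
    if not (msg.get("To") or "").strip():
        findings.append("missing To address")
    display, addr = parseaddr(msg.get("From", ""))
    claimed = f"{display} {msg.get('Subject', '')}".lower()
    sender = addr.rpartition("@")[2].lower()
    collector = LinkCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    for brand, domains in BRAND_DOMAINS.items():
        if brand not in claimed:
            continue  # the message does not present itself as this brand
        if not host_matches(sender, domains):
            findings.append(f"From domain {sender} is not a {brand} domain")
        for href in collector.hrefs:
            host = urlparse(href).hostname
            if host and not host_matches(host, domains):
                findings.append(f"link host {host} is not a {brand} domain")
    return findings

# Constructed sample (not a real email): no To header, brand name in From.
SAMPLE = ("From: Dropbox <notice@files-share.example>\nSubject: New files to download\n"
          "Content-Type: text/html\n\n"
          '<a href="http://login.files-share.example/d">Download</a> '
          '<a href="https://www.dropbox.com/help">Help</a>\n')
print(tell_tale_signs(SAMPLE))
```

A clean result only means none of these three signs fired; the signature, sign-off and personalisation checks described above still need a human reader.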
How can these be prevented?
The majority of cybercrime threats rely on human intervention. In other words, cybercrime could be stopped in its tracks by raising awareness and educating your employees on what to look out for.
If it looks suspicious, even if it’s seemingly coming from a colleague, don’t click on the links, don’t open the attachment, don’t part with sensitive information, such as passwords, and don’t transfer any funds. Education really is key to ensuring your business is fully protected.